Lucene search
GoogleOSV:GHSA-HX54-PF28-7XCHHistoryJun 07, 2024 - 9:31 p.m.
ebookmeta XML External Entity vulnerability
2024-06-0721:31:54
Google
osv.dev
5
xml external entity
vulnerability
ebookmeta
lxml
attacker
sensitive information
denial of service
CVSS3
9.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
AI Score
6.1
Confidence
High
EPSS
0.001
Percentile
37.8%
An XML External Entity (XXE) vulnerability in the ebookmeta.get_metadata function via lxml dependency allows attackers to access sensitive information or cause a Denial of Service (DoS) via crafted XML input.
Related
nessus
nessus
EulerOS 2.0 SP9 : python-lxml (EulerOS-SA-2024-2402)
2024-09-12 00:00:00
EulerOS 2.0 SP10 : python-lxml (EulerOS-SA-2024-2427)
2024-09-12 00:00:00
EulerOS 2.0 SP9 : python-lxml (EulerOS-SA-2024-2377)
2024-09-12 00:00:00
github
github
ebookmeta XML External Entity vulnerability
2024-06-07 21:31:54
openvas
openvas
Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2024-2402)
2024-09-12 00:00:00
Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2024-2450)
2024-09-12 00:00:00
Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2024-2377)
2024-09-12 00:00:00
nvd
nvd
CVE-2024-37388
2024-06-07 19:15:24
cvelist
cvelist
CVE-2024-37388
2024-06-07 00:00:00
ubuntucve
ubuntucve
CVE-2024-37388
2024-06-07 00:00:00
cve
cve
CVE-2024-37388
2024-06-07 19:15:24
vulnrichment
vulnrichment
CVE-2024-37388
2024-06-07 00:00:00
veracode
veracode
XML Entity Expansion (XXE)
2024-06-12 06:24:29
CVSS3
9.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
AI Score
6.1
Confidence
High
EPSS
0.001
Percentile
37.8%
Related for OSV:GHSA-HX54-PF28-7XCH